Logout finally working, include credentials bug

Author: cryptoblivious

dev/the-last-stand/src/client/components/LogoutButton.tsx

@@ -9,8 +9,9 @@ const LogoutButton = () => {
     const formData = new FormData();
 
     fetch(`${HOST_URL}:${HOST_PORT}/auth/logout`, {
-      method: 'POST',
+      method: 'DELETE',
       body: formData,
+      credentials: 'include',
     })
       .then((res) => res.json())
       .then((res) => {

dev/the-last-stand/src/server/api/controllers/auth.ts

@@ -17,7 +17,6 @@ export const initializeGoogleOAuthStrategy = () => {
         clientSecret: GOOGLE_CLIENT_SECRET!,
         callbackURL: `${HOST_URL}:${HOST_PORT}/auth/google/callback`,
         passReqToCallback: true,
-        prompt: 'consent',
       },
       async (req, accessToken, refreshToken, profile, done) => {
         try {
@@ -129,17 +128,17 @@ export const isAdmin = async (req: any, res: any, next: any) => {
 //   }
 // };
 
-// Logout user v3
-export const logoutUser = (req: any, res: any) => {
-  try {
-    res.clearCookie('connect.sid');
-    res.cookie('connect.sid', '', { expires: new Date(0) });
-    console.log('cookie should be cleared');
-    return res.status(200).json({ message: 'Logged out' });
-  } catch (err: any) {
-    return res.status(500).json({ message: err });
-  }
-};
+// // Logout user v3 DOING SHIT FUCKALL
+// export const logoutUser = (req: any, res: any) => {
+//   try {
+//     res.clearCookie('connect.sid');
+//     res.cookie('connect.sid', '', { expires: new Date(0) });
+//     console.log('cookie should be cleared');
+//     return res.status(200).json({ message: 'Logged out' });
+//   } catch (err: any) {
+//     return res.status(500).json({ message: err });
+//   }
+// };
 
 // // Logout user v4
 // export const logoutUser = (req: any, res: any) => {
@@ -169,3 +168,13 @@ export const logoutUser = (req: any, res: any) => {
 //     });
 //   });
 // };
+
+// Logout user v6
+export const logoutUser = (req: any, res: any) => {
+  req.logout((err: any) => {
+    if (err) {
+      return res.status(500).json({ message: err });
+    }
+    return res.status(200).json({ message: 'Logged out' });
+  });
+};

dev/the-last-stand/src/server/api/routes/auth.ts

@@ -19,6 +19,6 @@ authRouter.get(
 
 authRouter.get('/check', checkAuth);
 
-authRouter.post('/logout', logoutUser);
+authRouter.delete('/logout', logoutUser);
 
 export default authRouter;

dev/the-last-stand/src/server/main.ts

@@ -6,6 +6,7 @@ import express from 'express';
 import mongoose from 'mongoose';
 import cors from 'cors';
 import session from 'express-session';
+import { Session, SessionData } from 'express-session';
 import MongoStore from 'connect-mongo';
 import passport from 'passport';
 
@@ -26,6 +27,12 @@ import authRouter from './api/routes/auth';
 import usersRouter from './api/routes/users';
 import heroesRouter from './api/routes/heroes';
 
+mongoose.set('strictQuery', false);
+dotenv.config();
+
+const { APP_MODE, MONGO_URI, SESSION_SECRET, HOST_PORT } = process.env as Record<string, string>;
+
+// Console eye candy
 console.log('    ___      _');
 console.log('   / __\\___ | |_   _ ___  ___ _   _ ___');
 console.log('  / /  / _ \\| | | | / __|/ _ \\ | | / __|');
@@ -38,11 +45,6 @@ console.log('--------------------------------------------------');
 console.log('Starter file created by Andrzej Wisniowski. Find my other projects at https://github.com/cryptoblivious');
 console.log('--------------------------------------------------');
 
-mongoose.set('strictQuery', false);
-dotenv.config();
-
-const { APP_MODE, MONGO_URI, SESSION_SECRET, CLIENT_URL, CLIENT_PORT, HOST_PORT } = process.env as Record<string, string>;
-
 // Options
 
 // Load SSL certificates and private keys if in production mode
@@ -71,7 +73,8 @@ console.log('✅ Options set.');
 const mongoStore = new MongoStore({
   mongoUrl: MONGO_URI,
   collectionName: 'sessions',
-  ttl: 60 * 15, // 15 minutes
+  ttl: 60 * 15, // 15 minutes,
+  touchAfter: 60 * 5, // 5 minutes
 });
 console.log('✅ Session store created.');
 
@@ -96,18 +99,6 @@ if (APP_MODE === 'prod') {
   console.log('✅ Redirect to https enabled.');
 }
 
-passport.serializeUser((user, done) => {
-  done(null, user.id);
-});
-
-passport.deserializeUser((id, done) => {
-  User.findById(id, (err: any, user: boolean | Express.User | null | undefined) => {
-    done(err, user);
-  });
-});
-
-initializeGoogleOAuthStrategy();
-
 app.use((req: any, res: { header: (arg0: string, arg1: string) => void }, next: () => void) => {
   res.header('Access-Control-Allow-Credentials', 'true');
   next();
@@ -124,24 +115,37 @@ app.use(
       secure: APP_MODE === 'prod' ? true : false,
       sameSite: 'strict',
     },
+    rolling: true,
   })
 );
 
-// Add this code after the session middleware to log the session ID
-app.use((req, res, next) => {
-  console.log('express-session ID:', req.sessionID); // Log the session ID generated by express-session
-  mongoStore.get(req.sessionID, (err) => {
-    if (err) {
-      console.error('Failed to get session from MongoStore:', err);
-    } else {
-      console.log('mongo-connect ID:', req.session.id); // Log the session ID generated by mongo-connect
-    }
-    next();
+passport.serializeUser((user, done) => {
+  done(null, user.id);
+});
+
+passport.deserializeUser((id, done) => {
+  User.findById(id, (err: any, user: boolean | Express.User | null | undefined) => {
+    done(err, user);
   });
 });
 
+initializeGoogleOAuthStrategy();
+
+// Add middleware to update the session timestamp in order to keep the serverside session alive
+app.use(function (req, res, next) {
+  interface ISession extends Session, SessionData {
+    lastAccess: Date;
+  }
+  const reqSession: ISession = req.session as ISession;
+  // Update the session timestamp
+  reqSession.lastAccess = new Date();
+
+  // Call the next middleware function in the chain
+  next();
+}); // REF : ChatGPT
+
 app.use(passport.session());
-app.use(passport.authenticate('session'));
+//app.use(passport.authenticate('session'));
 console.log('✅ Middleware defined.');
 
 // Hello World route